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MESSAGE # 


DESCRPTION 


1. 

2. 

3. 
4. • 


The Service User will make a request for an ASP page from a browser. 

The ASP is executed which will create a CooOCE object and call the 
VdidatAccessOmethod. This method is intended to validate that the Service 
User does have access to the ASP being executed. 


Call the helper method DoesSessionCookieExist to determine if the 

CISESSIONID cookie exists in the IRequest.Cookies collection. In this sequence 
diagram assume S FALSE is returned. 


5. 


GetGateway is caOed to extract the Gateway Name from the ASP 
ServerVariables CoBection of the ASP Request object. The PAThLINFO 
variable will return the part of the URL after the server name but before any 
query string. The gateway name would be the first directory in the PATH JNFO. 

For example: 


6. 


URL Request: http://MyServer/CoollCE/abc.asp 

PATHJNFO:/CooHCE/abc.asp 

Gateway: CooJCE 

DoesSessionExistsO is called to determine if a the HTML SignOn torm needs to 
be processed. 

The bstrSessionID parameter is set to an empty BSTR. 

The bstrGatewayName parameter is the value returned by GetGatewayO: 


7. 


DoesSessionExistO has determined that a CCISession object does not exist and a 
signon is required The CISCErrorSignonRequired HRESULT from 
DoesSessionExistsO is described in sequence diagrams SC02 SC04. SC05. and 
SC07. 


O 
O. 


Prill Fv«wNit<»l i<5orVrdirintiftnSArviee to Drocess the SianOn form inout fields. In 
this sequence disgram assume S_OI\ is returned which indicates that a UserlD. 
Department, and Password are returned. Optionally, a New Password is 
returned. 
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CreateSessionO is cdled to create a CCISession object. 

The parameters are set as follows: 

-bstrGatewayName is the value returned by GetGatewayO 

-bstrUserlD is the vdue of the bstrUserD parameter from the call to 
ExecuteUserVdidationServiceO 

-bstrPassword is the value of the bstrPassWd parameter from the cdl to 
ExecuteUserVdidationServiceO 

-nDepartment is the vdue of the nDept parameter from the cdl to 
ExecuteUserVdidationServiceO 

-pbstrSessionID is the address of a local variable. 

In order to validate that the Service User has access to the ASP. a CoollCE 
enqine is required. In addition, if the Service User does have access, then the 
CoollCE engine will be needed to allow the ASP to execute additional CoollCE 
services. 

Therefore, ICISessionControl::GetEngine() is called to access an instance of a 
CoollCE engine that is managed by a Connection Pool. 

The bstrSessionlD parameter is a unique identifier for the Service User. This 
identifier is returned by the ICISessionControl::CreateSession() method. 

The bstrGatewayName parameter is the value returned by GetGatewayO. 

The bstrNewPassword parameter is the value of he bstrNewPassword parameter 
returned by ExecuteUserVdidationServiceO. In most cases, this parameter will 
be an empty string, except when the current password has expired, and a 
new passowrd was specified. 
Call WriteSessionlDCookie to write the SessionID value returned by 

ICISessionControl::CreateSession out to the browser as the CISESSIONID 
cookie. 

The helper method GetASPFilelnfo is called to retrieve the virtual directory alias 
name and the file name of the ASP. 

The ICIICEEngine::CheckProfile() method is called to verify that the user, as 
known to the Cool ICE engine, does have access to the ASP. 

The VdidateAccessO method will return ClAccessAllowed status indicating that 

the Service User does have access, therefore, the execution of the ASP can 
continue. 





